
Inside the Axios Cross-Platform RAT: How Sophisticated Malware Targeted Developer Machines in a Landmark npm Supply Chain Attack

On March 31, 2026, the JavaScript ecosystem faced one of its most brazen supply chain attacks in history. Two versions of Axios — the ubiquitous HTTP client with over 83 million weekly downloads — were weaponized to deliver a cross-platform remote access trojan (RAT) capable of compromising developer machines across macOS, Windows, and Linux. For the cryptocurrency community, where developer endpoints often store private keys, wallet credentials, and deployment pipeline secrets, the implications are profound.

The Exploit Mechanics

The attack began with a methodical social engineering campaign against the lead Axios maintainer, known on npm as “jasonsaayman.” The threat actor gained control of the maintainer’s npm account, changed the registered email address to a Proton Mail address, and obtained a long-lived classic npm access token. This allowed the attacker to bypass the project’s GitHub Actions CI/CD pipeline entirely and publish poisoned versions directly to the npm registry.

The malicious payload was staged with surgical precision. On March 30 at 05:57 UTC, a clean version of a new dependency called “plain-crypto-js” was published. Eighteen hours later, at 23:59 UTC, version 4.2.1 was released with the malicious payload injected. The timing was deliberate — the clean version established a baseline, making the poisoned update appear as a routine patch.

Within 39 minutes on March 31, two Axios versions (1.14.1 at 00:21 UTC and 0.30.4 at 01:00 UTC) were published with “plain-crypto-js” injected as a runtime dependency. Both Axios release branches were hit almost simultaneously, maximizing the blast radius across projects pinned to either the latest or legacy versions.

Affected Systems

The RAT was designed as a platform-aware dropper, branching into three distinct attack paths depending on the operating system of the infected machine. On macOS, the malware executed an AppleScript payload that fetched a trojan binary from the command-and-control server, saved it as “/Library/Caches/com.apple.act.mond,” modified its permissions to make it executable, and launched it via /bin/zsh. The AppleScript file was then deleted to erase forensic evidence.

On Windows, the dropper located the PowerShell binary, copied it to a disguised location mimicking the Windows Terminal application, and wrote a Visual Basic script to establish persistence. On Linux, the malware deployed a similar strategy using shell scripts to fetch and execute platform-specific second-stage payloads from the same command-and-control infrastructure.

After execution on all platforms, the malware deleted itself and replaced its own package.json with a clean version, making post-incident forensics significantly more challenging. Security researchers at StepSecurity described the operation as anything but opportunistic: the malicious dependency was staged 18 hours in advance, three separate payloads were pre-built for three operating systems, and every trace was designed to self-destruct.

The Mitigation Strategy

StepSecurity researcher Ashish Kurmi identified the compromise, and Elastic Security Labs filed a GitHub Security Advisory to the Axios repository at 01:50 UTC on March 31 to coordinate disclosure. The malicious Axios versions (1.14.1 and 0.30.4), along with “plain-crypto-js,” were removed from the npm registry.

The immediate remediation required all projects using the compromised versions to downgrade to Axios 1.14.0 or 0.30.3. However, the more critical action was the rotation of all secrets and credentials that may have been exposed on machines where the malicious versions were installed. For crypto developers, this includes rotating API keys, deployment tokens, and — most critically — any wallet private keys or seed phrases that may have been stored on affected development machines.

Lessons Learned

The Axios attack exposes fundamental weaknesses in how the JavaScript ecosystem manages trust. With 83 million weekly downloads, Axios sits at the center of countless web applications, backend services, and — critically — crypto project build pipelines. A single compromised maintainer account was sufficient to weaponize this trusted dependency against millions of developers.

The attack also demonstrates the growing sophistication of supply chain threats. The 18-hour staging period, triple-platform payload preparation, and self-destructing forensic evidence indicate a well-resourced threat actor, likely linked to a nation-state or advanced criminal operation. The use of Proton Mail addresses and a custom command-and-control domain suggests operational security awareness that goes beyond typical opportunistic attacks.

For cryptocurrency projects specifically, the lesson is clear: developer endpoint security is not optional. Any machine that touches private keys, smart contract deployment wallets, or CI/CD pipelines must be treated as a high-value target. The Axios compromise proves that even the most trusted open-source packages can become attack vectors.

User Action Required

If you or your team installed Axios version 1.14.1 or 0.30.4 between March 31 and the time of removal, assume your machine was compromised. Take the following steps immediately: audit your package-lock.json files for “plain-crypto-js” references, rotate all credentials that were accessible on affected machines, check for the macOS artifact at “/Library/Caches/com.apple.act.mond,” review process lists and network connections for unexpected activity, and implement npm package signing and lockfile linting to prevent future supply chain attacks. Bitcoin traded at $68,233 and Ethereum at $2,105 on the day of the attack — a reminder that significant crypto assets are always at stake when developer infrastructure is compromised.
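As an added example (not code from the article or from the Axios project), a small Node.js audit that walks a package-lock.json for the two poisoned Axios versions and for any occurrence of plain-crypto-js, covering both the lockfileVersion 1 nested tree and the v2/v3 flat packages map. The embedded lockfile is constructed sample input, not a real project's file.

```javascript
// Constructed sample lockfile (lockfileVersion 3) that pulls in the poisoned
// Axios release together with the dependency it injected.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/express": { version: "4.19.2" }
  }
});

// Indicators from the article: the two poisoned Axios versions, and the injected
// dependency, which should not appear in a lockfile at any version.
const BAD_VERSIONS = { axios: new Set(["1.14.1", "0.30.4"]) };
const BAD_PACKAGES = new Set(["plain-crypto-js"]);

// Package name from a v2/v3 "packages" key, e.g.
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Returns a list of { name, version, where } findings for the given lockfile text.
function auditLockfile(lockfileText) {
  const lock = JSON.parse(lockfileText);
  const findings = [];
  const check = (name, version, where) => {
    const badVersion = BAD_VERSIONS[name] && BAD_VERSIONS[name].has(version);
    if (BAD_PACKAGES.has(name) || badVersion) findings.push({ name, version, where });
  };
  if (lock.packages) {
    // v2/v3: flat map keyed by install path; "" is the root project itself.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path !== "") check(nameFromPath(path), entry.version, path);
    }
  } else if (lock.dependencies) {
    // v1: nested tree, so recurse through each entry's own "dependencies".
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        check(name, entry.version, prefix + name);
        walk(entry.dependencies, prefix + name + " > ");
      }
    };
    walk(lock.dependencies, "");
  }
  return findings;
}
```

A non-empty result means the lockfile references a compromised release and the machines that installed from it should be treated as exposed, which is the trigger for the credential rotation described above.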

Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always consult with qualified security professionals for incident response.


8 thoughts on “Inside the Axios Cross-Platform RAT: How Sophisticated Malware Targeted Developer Machines in a Landmark npm Supply Chain Attack”

  1. supply chain attacks on npm are terrifying for crypto devs. your private keys live on the same machine running node_modules. hardware wallets are the only real defense

  2. Tomer Ginzburg

    the maintainer social engineering attack vector is almost impossible to prevent. anyone can be phished and a single compromised npm token poisons millions of downloads

    1. Kenji Watanabe

      rug_pull_sensei the cross-platform angle is what makes this scary. MacOS Windows and Linux all compromised from a single npm package. supply chain attacks don't discriminate

  3. developer machines being targeted instead of production servers is the threat model shift nobody prepared for. your laptop is the perimeter now

  4. supply_chain_

    npm supply chain attacks targeting developer machines are the new frontier. one malicious package and your SSH keys are gone
